CN105187205A - Certificateless authentication key negotiation method and system based on hierarchical identities - Google Patents

Publication number: CN105187205A
Authority: CN (China)
Legal status: Granted
Application number: CN201510475808.XA
Other languages: Chinese (zh)
Other versions: CN105187205B (en)
Inventors: 刘建伟, 苏航, 陶芮, 冯伯昂, 宋晨光, 夏丹枫
Current Assignee: Beihang University
Original Assignee: Beihang University

Abstract

The invention discloses a certificateless authenticated key agreement method and system based on hierarchical identities. The method comprises the following steps: deriving an elliptic-curve cyclic additive group from an input security parameter, selecting a master private key and two secure hash functions, and computing the public key of the system; computing a partial private key and a partial public key of a first user from the master private key, the identity of the first user and a set of selected random numbers; computing the private key of the first user from the partial private key of the first user and one selected random number; computing a partial private key and a partial public key of the first user from the identity of the first user's upper-layer user, the partial private key and partial public key of the upper-layer user and one random number; and computing a session key from the ephemeral information selected by a second user and a third user together with their private keys and public keys. The method is suited to large-scale systems and is efficient; it avoids the key escrow problem and satisfies the security requirements of key agreement.

Description

Certificateless hierarchical identity-based authenticated key agreement method and agreement system
Technical field
The present invention relates to certificateless cryptosystems, and specifically to a certificateless hierarchical identity-based authenticated key agreement method and agreement system.
Background
Public-key cryptosystems are an important technology for ensuring network and information security. In a traditional public key infrastructure (PKI, Public Key Infrastructure), a trusted third party must issue certificates to users to prove their legitimate identity, which raises many certificate management problems and consumes a large amount of system resources. To simplify certificate management in the traditional public key infrastructure, Shamir proposed the identity-based cryptosystem (IBC, Identity Based Cryptosystem) in 1984. This system uses no certificates: the user's identity serves directly as the public key, and the private key is generated by a trusted private key generation center, the PKG (Public Key Generator).
However, in the IBC system proposed by Shamir the user's private key is generated entirely by the PKG. If an attack on the PKG causes information to leak, the attacker can obtain users' long-term private keys and use them to impersonate users. This is the key escrow problem inherent in IBC systems. To solve it, Al-Riyami and Paterson proposed the certificateless identity-based cryptosystem (CLIBC, Certificateless Identity Based Cryptosystem) in 2003. In this system the PKG generates only a partial private key for the user; the complete private key is generated by the user by combining the partial private key from the PKG with a private secret value the user selects. A certificateless cryptosystem therefore solves both the certificate management problem of traditional public-key cryptosystems and the key escrow problem of identity-based cryptosystems.
IBE and CLIBE systems each contain only one PKG. The PKG not only verifies user identities and generates user private keys, it must also maintain a secure channel over which private keys are sent safely to users, and it is further responsible for updating and revoking user private keys. A single PKG clearly cannot carry this workload in a large-scale system. To solve this problem, the cryptographers Gentry and Silverberg first proposed the hierarchical identity-based cryptosystem (HIBC, Hierarchical Identity Based Cryptography) in 2002. This system contains one root PKG and multiple layers of domain PKGs: the root PKG authenticates the domain PKGs and generates private keys for them, and each upper-layer domain PKG verifies the lower-layer domain PKGs and generates private keys for them, down to the domain one layer above the user. The key escrow problem, however, still exists in HIBC systems. In 2008, Chow, Roth and Rieffel were the first to study the hierarchical certificateless cryptosystem (HCLC, Hierarchical Certificateless Cryptography). This system retains the advantages of HIBC systems while avoiding their key escrow problem.
Key agreement is a foundation of cryptography and plays a vital role in secure communication. It allows two entities to negotiate a secure session key over an open channel in order to protect their communication. Building on certificateless identity-based cryptosystems, researchers have proposed a large number of certificateless identity-based key agreement protocols. Most of them, however, were proposed for a single-PKG environment. In addition, a bilinear pairing operation on an elliptic curve takes approximately 20 times as long as a point multiplication, so these protocols are inefficient. To address this, some researchers have proposed certificateless identity-based key agreement protocols without bilinear pairing operations, but these protocols were likewise all proposed for a single-PKG environment.
Compared with other public-key cryptosystems, the main advantage of elliptic curve cryptography (ECC, Elliptic Curve Cryptography) is that its system parameters are shorter at the same security level, which is why it is the most widely used in identity-based cryptosystems. In key agreement protocols without bilinear pairing operations, the security of the protocol rests on two assumptions. The first is the elliptic curve discrete logarithm hardness assumption: for a cyclic additive group of order q on an elliptic curve, given two of its elements, computing a from P and aP is hard, whereas computing aP from P and a is easy. The second is the computational Diffie-Hellman hardness assumption: for a cyclic additive group of order q on an elliptic curve, given three of its elements, computing abP is hard.
Summary of the invention
The present invention aims to solve at least one of the technical problems described above.
To this end, the first object of the present invention is to propose a certificateless hierarchical identity-based authenticated key agreement method.
The second object of the present invention is to propose a certificateless hierarchical identity-based authenticated key agreement system.
To achieve these objects, an embodiment of the present invention discloses a certificateless hierarchical identity-based authenticated key agreement method comprising the following steps:
A: from the input security parameter λ, derive an elliptic-curve cyclic additive group of order q with generator P; choose the master private key msk, compute the public key $P_{pub}$, and choose the secure hash functions $H_1$ and $H_2$;
B: for the identity vector $ID = (I_1, I_2, \dots, I_t)$ of a first user, the private key d of the first user can be generated by either of two algorithms:
B1: from the master private key msk, the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user and randomly selected values, the root PKG computes the partial private key k and the partial public key $g_1P, \dots, g_tP$ of the first user; the first user verifies whether the partial private key k satisfies the verification condition and, if it does, accepts the partial private key k and the partial public key $g_1P, \dots, g_tP$;
B2: from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a randomly selected value, generate the private key d and the public key pk of the first user;
or
B'1: from the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the identity vector $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$ of the first user's upper-layer user, the partial private key k' and partial public key $\{g_1P, \dots, g_{t-1}P\}$ of the upper-layer user, and a randomly selected value, the PKG of the upper-layer user generates the partial private key k and the partial public key $g_1P, \dots, g_tP$ for the first user; the first user verifies whether the partial private key k satisfies the verification condition and, if it does, accepts the partial private key k and the partial public key $g_1P, \dots, g_tP$;
B'2: from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a randomly selected value, generate the private key d and the public key pk of the first user.
The certificateless hierarchical identity-based authenticated key agreement method according to the embodiment of the present invention is built on a certificateless hierarchical identity-based cryptosystem and is therefore suited to large-scale systems. Its computations contain no bilinear pairing operations, so it is more efficient. Its security rests on the elliptic curve discrete logarithm hardness assumption and the computational Diffie-Hellman hardness assumption, and it meets the basic security requirements of a key agreement system.
In addition, the certificateless hierarchical identity-based authenticated key agreement method according to the above embodiment of the present invention may have the following additional technical features:
Further, step A further comprises: the elliptic-curve cyclic additive group is an elliptic-curve cyclic additive group of order q that meets the security parameter λ; the public key is $P_{pub} = sP$, where the master private key is msk = s; and the hash functions $H_1$ and $H_2$ are chosen together with a session key space.
Further, step B1 further comprises: given the master private key msk and the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the PKG randomly selects $g_1, \dots, g_t$ and computes $r_i = H_1(I_i \,\|\, g_iP)$ for $1 \le i \le t$. The partial private key k of the first user is:
$$k = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, the values must be chosen again. $\{g_1P, \dots, g_tP, k\}$ is sent to the first user over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of the first user. The first user verifies the following equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the first user rejects the partial private key k and the partial public key $g_1P, \dots, g_tP$.
Further, step B2 further comprises: randomly select a value $x$ and generate the private key d of the first user:
$$d = k + x$$
If d = 0, choose again and recompute the private key d of the first user. The public key of the first user is $pk = \{ID, g_1P, \dots, g_tP, xP\}$.
Further, step B'1 further comprises: given the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the upper-layer user $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$ of the first user, the partial private key $k'$ of the upper-layer user and the partial public key $\{g_1P, \dots, g_{t-1}P\}$ of the upper-layer user, randomly select $g_t$ and compute $r_t = H_1(I_t \,\|\, g_tP)$. The PKG of the upper-layer user generates the partial private key k for the first user by the following formula:
$$k = k' + g_t r_t = s + \sum_{i=1}^{t-1} g_i r_i + g_t r_t = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, choose again and recompute the partial private key k. $\{g_1P, \dots, g_tP, k\}$ is sent to the first user over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of the first user. The first user verifies the following equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the first user rejects the partial private key k and the partial public key $g_1P, \dots, g_tP$.
Further, step B'2 further comprises: randomly select a value $x$ and generate the private key d of the first user:
$$d = k + x$$
If d = 0, choose again and recompute the private key d of the first user. The public key of the first user is $pk = \{ID, g_1P, \dots, g_tP, xP\}$.
Further, the following step is also included in step B:
C: for an arbitrarily chosen second user A and third user B, from the identity vector of the second user A, the second user's private key $d_A$ and public key $pk_A$, the identity vector of the third user B, the third user's private key $d_B$ and public key $pk_B$, and the values randomly selected by the second user and the third user, compute the first session key $sk_A$ used for messages the second user A sends to the third user B and the second session key $sk_B$ used for messages the third user B sends to the second user A. If the first session key $sk_A$ and the second session key $sk_B$ are identical, the second user A and the third user B can communicate securely.
To achieve these objects, an embodiment of the present invention discloses a certificateless hierarchical identity-based authenticated key agreement system comprising:
a system setup module, which from the input security parameter λ derives an elliptic-curve cyclic additive group of order q with generator P, chooses the master private key msk, computes the public key $P_{pub}$, and chooses the secure hash functions $H_1$ and $H_2$;
a private key generation module, which from the master private key msk, the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user and randomly selected values computes the partial private key k and the partial public key $g_1P, \dots, g_tP$ of the first user and, after verification by the verification module, generates the private key d and the public key pk of the first user from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a randomly selected value, where the selection is made from the set of integers {1, 2, ..., q-2, q-1};
a private key delegation module, which from the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the upper-layer user $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$ of the first user, the partial private key k' and partial public key $\{g_1P, \dots, g_{t-1}P\}$ of the upper-layer user and a randomly selected value generates the partial private key k and the partial public key $g_1P, \dots, g_tP$ of the first user and, after verification by the verification module, generates the private key d and the public key pk of the first user from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a randomly selected value, where the selection is made from the set of integers {1, 2, ..., q-2, q-1};
a verification module, which verifies the partial private key k generated by the private key generation module and the partial private key k generated by the private key delegation module.
The certificateless hierarchical identity-based authenticated key agreement system according to the embodiment of the present invention is built on a certificateless hierarchical identity-based cryptosystem and is therefore suited to large-scale systems. Its computations contain no bilinear pairing operations, so it is more efficient. Its security rests on the elliptic curve discrete logarithm hardness assumption and the computational Diffie-Hellman hardness assumption, and it meets the basic security requirements of a key agreement system.
In addition, the certificateless hierarchical identity-based authenticated key agreement system according to the above embodiment of the present invention may have the following additional technical features:
Further, the system also comprises a key agreement module. For any second user A and third user B, from the identity vector of the second user A, the second user's private key $d_A$ and public key $pk_A$, the identity vector of the third user B, the third user's private key $d_B$ and public key $pk_B$, and the values randomly selected by the second user and the third user, the key agreement module computes the first session key $sk_A$ used for messages the second user A sends to the third user B and the second session key $sk_B$ used for messages the third user B sends to the second user A. If the first session key $sk_A$ and the second session key $sk_B$ are identical, the second user A and the third user B can communicate securely.
Additional aspects and advantages of the present invention are given in part in the description below; in part they will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a structural diagram of the certificateless hierarchical identity-based authenticated key agreement system of one embodiment of the invention;
Fig. 2 is a schematic diagram of the key agreement process of one embodiment of the invention.
Detailed description
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which identical or similar reference numerals denote identical or similar elements, or elements with identical or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the invention and are not to be construed as limiting it.
In the description of the invention, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
These and other aspects of the embodiments of the invention will become clear from the following description and drawings. The description and drawings disclose some particular implementations of the embodiments to show some of the ways in which their principles can be carried out, but the scope of the embodiments is not limited by them. On the contrary, the embodiments of the invention cover all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
The certificateless hierarchical identity-based authenticated key agreement method and agreement system according to the embodiments of the present invention are described below with reference to the drawings.
Main symbols and choice of elliptic curve:
1) p, q: large primes
2) : the finite field of order p
3) : the elliptic curve E over the finite field
4) : the set of points on the elliptic curve E, a cyclic additive group of order q
5) P: the generator of the group G
6) : the integer set {1, 2, ..., q-2, q-1}
7) PKG: private key generation center
8) $H_1$: a secure hash function,
9) $H_2$: a secure hash function,
10) : the session key space
The elliptic curve can be expressed by the equation:
$y^2 \equiv x^3 + ax + b \pmod p$, where $4a^3 + 27b^2 \not\equiv 0 \pmod p$. O is the point at infinity. The group is a cyclic additive group whose group operation is addition (point multiplication), described below:
The present invention can be divided into five phases: system setup, partial private key generation, private key generation, private key delegation and key agreement. The method is constructed as follows:
(1) (pp, msk) ← Root-Setup(λ): the system setup algorithm is run by the root PKG. It chooses an elliptic-curve cyclic additive group of order q that meets the security parameter λ, i.e. |q| = λ, with generator P. It chooses the secure hash functions $H_1$ and $H_2$ together with the session key space. It chooses the master private key msk = s and computes the public key $P_{pub} = sP$. It outputs the shared global system parameters:
(2) (k) ← Partial-Private-KeyGen(msk, ID): the partial private key generation algorithm is run by the root PKG. Given the master private key msk and the identity vector $ID = (I_1, I_2, \dots, I_t)$ of any user, the PKG randomly selects $g_1, \dots, g_t$ and computes $r_i = H_1(I_i \,\|\, g_iP)$ for $1 \le i \le t$. It outputs the partial private key k corresponding to this user:
$$k = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, the values must be chosen again. $\{g_1P, \dots, g_tP, k\}$ is sent to the user $(I_1, I_2, \dots, I_t)$ over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of user ID. The user verifies the equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the user rejects this partial private key.
(3) (d) ← Set-Private-Key(k, ID): the private key generation algorithm is run by user ID, who randomly selects a value $x$ and outputs the private key d of this user:
$$d = k + x$$
If d = 0, the user must choose again and recompute the private key. The public key of this user is $pk = \{ID, g_1P, \dots, g_tP, xP\}$.
(4) (k) ← Partial-Delegate(k', ID): the partial private key delegation algorithm is run by the upper-layer PKG of user $ID = (I_1, I_2, \dots, I_t)$, where $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$, the PKG's partial private key is $k'$ and its partial public key is $\{g_1P, \dots, g_{t-1}P\}$. The PKG randomly selects $g_t$ and computes $r_t = H_1(I_t \,\|\, g_tP)$. The PKG generates the partial private key k for user ID:
$$k = k' + g_t r_t = s + \sum_{i=1}^{t-1} g_i r_i + g_t r_t = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, the value must be chosen again. $\{g_1P, \dots, g_tP, k\}$ is sent to user ID over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of the user. The user verifies the equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the user rejects this partial private key. If the equation holds, the user can run the Set-Private-Key algorithm to generate their own private key and public key.
(5) (sk) ← Agreement($pk_1, T_1, pk_2, T_2$): the key agreement process is shown in Fig. 2. Consider users A and B. User A is at level $l_A$, with private key $d_A$ and public key $pk_A = \{ID_A, g_1P, \dots, g_{l_A}P, x_AP\}$. User B is at level $l_B$, with $ID_B = (I'_1, I'_2, \dots, I'_{l_B})$, private key $d_B$ and public key $pk_B$.
A randomly selects $a$, computes $T_A = a\,d_AP$ and sends $\{T_A, pk_A\}$ to B. B randomly selects $b$, computes $T_B = b\,d_BP$ and sends $\{T_B, pk_B\}$ to A. A and B then each compute the session key:
User A computes:
$$k_{AB} = d_A\Big(T_B + a\Big(P_{pub} + x_BP + \sum_{i=1}^{l_B} H_1(I'_i \,\|\, g'_iP)\, g'_iP\Big)\Big) = d_A(b\,d_BP + a\,d_BP) = (a+b)\,d_Ad_BP$$
$$a\,d_AT_B = ab\,d_Ad_BP$$
The session key is: $sk_A = H_2(k_{AB} \,\|\, ab\,d_Ad_BP)$
User B computes:
$$k_{BA} = d_B\Big(T_A + b\Big(P_{pub} + x_AP + \sum_{i=1}^{l_A} H_1(I_i \,\|\, g_iP)\, g_iP\Big)\Big) = d_B(a\,d_AP + b\,d_AP) = (a+b)\,d_Ad_BP = k_{AB}$$
$$b\,d_BT_A = ab\,d_Ad_BP$$
The session key is: $sk_B = H_2(k_{BA} \,\|\, ab\,d_Ad_BP)$
Users A and B obtain the same session key and can communicate securely.
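The five algorithms above, run end to end as an added example (not code from the patent): a user keyed directly by the root PKG and a user keyed through delegation verify their partial private keys and derive the same session key. Assumptions: secp256k1 stands in for the group G, $H_1$ and $H_2$ are instantiated with SHA-256 and the byte encodings shown, the identity strings are constructed, and the function names are illustrative.

```python
import hashlib
import secrets

p = 2**256 - 2**32 - 977  # assumption: secp256k1 stands in for the patent's group G
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity

def add(A, B):  # affine point addition; illustrative, not constant-time
    if A is O or B is O:
        return B if A is O else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return O
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p  # curve coefficient a = 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):  # double-and-add scalar multiplication kA
    R, k = O, k % q
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def enc(A):
    return b"\x00" if A is O else A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")

def H1(identity, point):  # assumed instantiation of H_1(I || gP) into {1, ..., q-1}
    h = hashlib.sha256(b"H1|" + identity.encode() + b"|" + enc(point)).digest()
    return int.from_bytes(h, "big") % (q - 1) + 1

def H2(k_point, dh_point):  # assumed instantiation of H_2
    return hashlib.sha256(b"H2|" + enc(k_point) + enc(dh_point)).digest()

def rand():
    return secrets.randbelow(q - 1) + 1  # uniform in {1, ..., q-1}

def partial_private_keygen(s, ids):  # root PKG: k = s + sum(g_i r_i), retry if k == 0
    while True:
        gs = [rand() for _ in ids]
        gPs = [mul(g, P) for g in gs]
        k = (s + sum(g * H1(I, gP) for g, I, gP in zip(gs, ids, gPs))) % q
        if k:
            return k, gPs

def partial_delegate(k_parent, gPs_parent, I_t):  # upper PKG: k = k' + g_t r_t
    while True:
        g = rand()
        gP = mul(g, P)
        k = (k_parent + g * H1(I_t, gP)) % q
        if k:
            return k, gPs_parent + [gP]

def identity_point(P_pub, ids, gPs):  # P_pub + sum(H_1(I_i || g_i P) g_i P)
    acc = P_pub
    for I, gP in zip(ids, gPs):
        acc = add(acc, mul(H1(I, gP), gP))
    return acc

def verify_partial(k, P_pub, ids, gPs):  # the user's check kP == P_pub + sum(...)
    return len(ids) == len(gPs) and mul(k, P) == identity_point(P_pub, ids, gPs)

def set_private_key(k, ids, gPs):  # d = k + x, retry if d == 0
    while True:
        x = rand()
        d = (k + x) % q
        if d:
            return d, (ids, gPs, mul(x, P))  # pk = {ID, g_1P..g_tP, xP}

def session_key(d, e, T_peer, pk_peer, P_pub):
    ids, gPs, xP = pk_peer
    dP_peer = add(identity_point(P_pub, ids, gPs), xP)  # equals d_peer * P
    k_point = mul(d, add(T_peer, mul(e, dP_peer)))      # (a + b) d_A d_B P
    dh_point = mul(e * d % q, T_peer)                   # a b d_A d_B P
    return H2(k_point, dh_point)

def demo():
    s = rand()
    P_pub = mul(s, P)                                   # Root-Setup: msk = s
    ids_A, ids_B = ["org", "alice"], ["org", "lab", "bob"]  # constructed identities
    k_A, g_A = partial_private_keygen(s, ids_A)         # A keyed by the root PKG
    k_dom, g_dom = partial_private_keygen(s, ids_B[:2])
    k_B, g_B = partial_delegate(k_dom, g_dom, ids_B[2])  # B keyed by its domain PKG
    accepted = verify_partial(k_A, P_pub, ids_A, g_A) and verify_partial(k_B, P_pub, ids_B, g_B)
    tampered = verify_partial((k_B + 1) % q, P_pub, ids_B, g_B)
    d_A, pk_A = set_private_key(k_A, ids_A, g_A)
    d_B, pk_B = set_private_key(k_B, ids_B, g_B)
    a, b = rand(), rand()
    T_A, T_B = mul(a * d_A % q, P), mul(b * d_B % q, P)  # exchanged ephemeral values
    sk_A = session_key(d_A, a, T_B, pk_B, P_pub)
    sk_B = session_key(d_B, b, T_A, pk_A, P_pub)
    return accepted, tampered, sk_A == sk_B
```

`demo()` returns `(True, False, True)`: both partial keys pass the user's check, an altered partial key is rejected, and the two sides derive the same key.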
In addition, the other components and effects of the certificateless hierarchical identity-based authenticated key agreement method and agreement system of the embodiments of the present invention are known to those skilled in the art and, to avoid redundancy, are not repeated here.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, such terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, replacements and variations can be made to these embodiments without departing from the principle and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (9)

1. A certificateless hierarchical identity-based authenticated key agreement method, characterized in that it comprises the following steps:
A: from the input security parameter λ, derive an elliptic-curve cyclic additive group of order q with generator P; choose the master private key msk, compute the public key $P_{pub}$, and choose the secure hash functions $H_1$ and $H_2$;
B: for the identity vector $ID = (I_1, I_2, \dots, I_t)$ of a first user, the private key d of the first user can be generated by either of two algorithms:
B1: from the master private key msk, the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user and randomly selected values, the root PKG computes the partial private key k and the partial public key $g_1P, \dots, g_tP$ of the first user; the first user verifies whether the partial private key k satisfies the verification condition and, if it does, accepts the partial private key k and the partial public key $g_1P, \dots, g_tP$;
B2: from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a value randomly selected by the first user, generate the private key d and the public key pk of the first user;
or
B'1: from the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the identity vector $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$ of the first user's upper-layer user, the partial private key k' and partial public key $\{g_1P, \dots, g_{t-1}P\}$ of the upper-layer user, and a randomly selected value, the PKG of the upper-layer user generates the partial private key k and the partial public key $g_1P, \dots, g_tP$ for the first user; the first user verifies whether the partial private key k satisfies the verification condition and, if it does, accepts the partial private key k and the partial public key $g_1P, \dots, g_tP$;
B'2: from the partial private key k, the partial public key $g_1P, \dots, g_tP$ and a value randomly selected by the first user, generate the private key d and the public key pk of the first user.
2. The certificateless hierarchical identity-based authenticated key agreement method according to claim 1, characterized in that step A further comprises:
the elliptic-curve cyclic additive group is an elliptic-curve cyclic additive group of order q that meets the security parameter λ;
the public key is $P_{pub} = sP$, where the master private key is msk = s;
the hash function $H_1$; and
the hash function $H_2$, chosen together with a session key space.
3. The certificateless hierarchical identity-based authenticated key agreement method according to claim 2, characterized in that step B1 further comprises:
given the master private key msk and the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the PKG randomly selects $g_1, \dots, g_t$ and computes $r_i = H_1(I_i \,\|\, g_iP)$ for $1 \le i \le t$; the partial private key k of the first user is:
$$k = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, the values must be chosen again. $\{g_1P, \dots, g_tP, k\}$ is sent to the first user over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of the first user. The first user verifies the following equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the first user rejects the partial private key k and the partial public key $g_1P, \dots, g_tP$.
4. The certificateless hierarchical identity-based authenticated key agreement method according to claim 3, characterized in that step B2 further comprises:
randomly select a value $x$ and generate the private key d of the first user:
$$d = k + x$$
If d = 0, choose again and recompute the private key d of the first user. The public key of the first user is $pk = \{ID, g_1P, \dots, g_tP, xP\}$.
5. The certificateless hierarchical identity-based authenticated key agreement method according to claim 2, characterized in that step B'1 further comprises:
given the identity vector $ID = (I_1, I_2, \dots, I_t)$ of the first user, the upper-layer user $ID_{PKG} = (I_1, I_2, \dots, I_{t-1})$ of the first user, the partial private key $k'$ of the upper-layer user and the partial public key $\{g_1P, \dots, g_{t-1}P\}$ of the upper-layer user, randomly select $g_t$ and compute $r_t = H_1(I_t \,\|\, g_tP)$; the PKG of the upper-layer user generates the partial private key k for the first user by the following formula:
$$k = k' + g_t r_t = s + \sum_{i=1}^{t-1} g_i r_i + g_t r_t = s + \sum_{i=1}^{t} g_i r_i$$
If k = 0, choose again and recompute the partial private key k. $\{g_1P, \dots, g_tP, k\}$ is sent to the first user over a secure channel, where $g_1P, \dots, g_tP$ is the partial public key of the first user. The first user verifies the following equation:
$$kP = P_{pub} + \sum_{i=1}^{t} H_1(I_i \,\|\, g_iP)\, g_iP$$
If the equation does not hold, the first user rejects the partial private key k and the partial public key $g_1P, \dots, g_tP$.
6. The certificateless hierarchical identity-based authenticated key agreement method according to claim 5, characterized in that step B'2 further comprises:
randomly select a value $x$ and generate the private key d of the first user:
$$d = k + x$$
If d = 0, choose again and recompute the private key d of the first user. The public key of the first user is $pk = \{ID, g_1P, \dots, g_tP, xP\}$.
7. The certificateless hierarchical identity-based authenticated key agreement method according to any one of claims 1-6, characterized in that the following step is also included in step B:
C: for an arbitrarily chosen second user A and third user B, from the identity vector of the second user A, the second user's private key $d_A$ and public key $pk_A$, the identity vector of the third user B, the third user's private key $d_B$ and public key $pk_B$, and the values randomly selected by the second user and the third user respectively, compute the first session key $sk_A$ used for messages the second user A sends to the third user B and the second session key $sk_B$ used for messages the third user B sends to the second user A. If the first session key $sk_A$ and the second session key $sk_B$ are identical, the second user A and the third user B can communicate securely.
8. A certificateless authenticated key agreement system based on hierarchical identities, characterized by comprising:
System setup module, for deriving, from the input security constant $\lambda$, an elliptic curve cyclic additive group of order $q$ with generator $P$, choosing the master private key $msk$, computing the public key $P_{pub}$, and choosing the secure hash functions $H_1$ and $H_2$;
Private key generation module, for computing the partial private key $k$ and the partial public key $g_1P, \ldots, g_tP$ of the first user according to the master private key $msk$, the identity vector $ID=(I_1, I_2, \ldots, I_t)$ of the first user, and a set of randomly selected numbers, and, after verification by the authentication module, generating the private key $d$ and the public key $pk$ of the first user according to the partial private key $k$, the partial public key $g_1P, \ldots, g_tP$, and a randomly selected number, the random selections being made from the set of integers $\{1, 2, \ldots, q-2, q-1\}$;
Private key commit module, for generating the partial private key $k$ and the partial public key $g_1P, \ldots, g_tP$ of the first user according to the identity vector $ID=(I_1, I_2, \ldots, I_t)$ of the first user, the upper-layer user $ID_{PKG}=(I_1, I_2, \ldots, I_{t-1})$ of the first user, the partial private key $k'$ and the partial public key $\{g_1P, \ldots, g_{t-1}P\}$ of the upper-layer user, and a randomly selected number, and, after verification by the authentication module, generating the private key $d$ and the public key $pk$ of the first user according to the partial private key $k$, the partial public key $g_1P, \ldots, g_tP$, and a randomly selected number, the random selections being made from the set of integers $\{1, 2, \ldots, q-2, q-1\}$;
Authentication module, for verifying the partial private key $k$ generated by the private key generation module and the partial private key $k$ generated by the private key commit module.
9. The certificateless authenticated key agreement system based on hierarchical identities according to claim 8, characterized by further comprising:
Key negotiation module, for any second user A and third user B, computing, according to the identity vector of the second user A, the second user's private key $d_A$ and public key $pk_A$, the identity vector of the third user B, the third user's private key $d_B$ and public key $pk_B$, and numbers randomly selected by the second user and the third user respectively, the first session key $sk_A$ that the second user A uses to send messages to the third user B and the second session key $sk_B$ that the third user B uses to send messages to the second user A. If the first session key $sk_A$ and the second session key $sk_B$ are identical, the second user A and the third user B can communicate securely.
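The partial-key issuance and verification equations of claim 5 and the full key of claim 6, as an added Python example that is not part of the patent text. It assumes secp256k1 as the curve, SHA-256 as $H_1$, and hypothetical function names; the root PKG is modelled as the parent with $k'=s$ and an empty partial public key, so one delegation step applied level by level covers both the root and the upper-layer case.

```python
import hashlib, secrets

# Assumption: secp256k1 stands in for the patent's order-q curve group with generator P.
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):                       # affine point addition; None is the identity
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, p) if A == B
         else (y2 - y1) * pow((x2 - x1) % p, -1, p)) % p
    x3 = (m * m - x1 - x2) % p
    return x3, (m * (x1 - x3) - y1) % p

def mul(k, A):                       # double-and-add; not constant time
    R = None
    while k:
        R, A, k = (add(R, A) if k & 1 else R), add(A, A), k >> 1
    return R

def H1(identity, pt):                # r_i = H1(I_i || g_i P); SHA-256 is an assumption
    data = identity.encode() + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def delegate(k_parent, pub_parent, identity):
    """Upper-layer PKG: k = k' + g_t * r_t, re-drawing g_t if k == 0."""
    while True:
        g = secrets.randbelow(q - 1) + 1          # g_t from {1, ..., q-1}
        gP = mul(g, P)
        k = (k_parent + g * H1(identity, gP)) % q
        if k:
            return k, pub_parent + [gP]

def verify_partial(k, ids, pub, P_pub):
    """User-side check: kP == P_pub + sum_i H1(I_i || g_i P) * g_i P."""
    rhs = P_pub
    for I, gP in zip(ids, pub):
        rhs = add(rhs, mul(H1(I, gP), gP))
    return len(ids) == len(pub) and mul(k, P) == rhs

def full_key(k, ids, pub):           # user: d = k + x, re-drawing x if d == 0
    while True:
        x = secrets.randbelow(q - 1) + 1
        if d := (k + x) % q:
            return d, (ids, pub, mul(x, P))   # pk = {ID, g_1 P, ..., g_t P, xP}
```

A user who receives `(k, pub)` calls `verify_partial` before `full_key` and rejects the pair on `False`, since the check ties `k` to every level of the identity vector and to `P_pub`.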
CN201510475808.XA 2015-08-05 2015-08-05 The authentication key agreement method and negotiating system based on level identity base without certificate Active CN105187205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510475808.XA CN105187205B (en) 2015-08-05 2015-08-05 The authentication key agreement method and negotiating system based on level identity base without certificate

Publications (2)

Publication Number Publication Date
CN105187205A true CN105187205A (en) 2015-12-23
CN105187205B CN105187205B (en) 2018-05-15

Family

ID=54909060

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510475808.XA Active CN105187205B (en) 2015-08-05 2015-08-05 The authentication key agreement method and negotiating system based on level identity base without certificate

Country Status (1)

Country Link
CN (1) CN105187205B (en)

Also Published As

Publication number Publication date
CN105187205B (en) 2018-05-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant